mirror of https://we.phorge.it/source/phorge.git synced 2024-12-30 09:20:58 +01:00
phorge-phorge/resources/sql/autopatches
epriestley 17709bc167 Add multi-factor auth and TOTP support
Summary:
Ref T4398. This is still pretty rough and isn't exposed in the UI yet, but basically works. Some missing features / areas for improvement:

  - Rate limiting attempts (see TODO).
  - Marking tokens used after they're used once (see TODO), maybe. I can't think of ways an attacker could capture a token without also capturing a session, offhand.
  - Actually turning this on (see TODO).
  - This workflow is pretty wordy. It would be nice to calm it down a bit.
  - But also add more help/context to help users figure out what's going on here, I think it's not very obvious if you don't already know what "TOTP" is.
  - Add admin tool to strip auth factors off an account ("Help, I lost my phone and can't log in!").
  - Add admin tool to show users who don't have multi-factor auth? (so you can pester them)
  - Generate QR codes to make the transfer process easier (they're fairly complicated).
  - Make the "entering hi-sec" workflow actually check for auth factors and use them correctly.
  - Turn this on so users can use it.
  - Adding SMS as an option would be nice eventually.
  - Adding "password" as an option, maybe? TOTP feels fairly good to me.

I'll post a couple of screens...

Test Plan:
  - Added TOTP token with Google Authenticator.
  - Added TOTP token with Authy.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8875
2014-04-28 09:27:11 -07:00
20140104.harbormastercmd.sql Replace "Cancel Build" with "Stop", "Resume" and "Restart" 2014-01-06 12:32:20 -08:00
20140106.macromailkey.1.sql Add mailKey to macros 2014-01-06 12:17:23 -08:00
20140106.macromailkey.2.php Add mailKey to macros 2014-01-06 12:17:23 -08:00
20140108.ddbpname.1.sql Add names to Drydock blueprints 2014-01-09 10:56:34 -08:00
20140108.ddbpname.2.php Add names to Drydock blueprints 2014-01-09 10:56:34 -08:00
20140109.ddxactions.sql Add transactions to Drydock blueprint editing 2014-01-09 12:19:54 -08:00
20140109.projectcolumnsdates.sql Adding the create flow for Project Board (Workphlow) columns. 2014-01-09 16:12:11 -08:00
20140113.legalpadsig.1.sql Legalpad - make it work for not logged in users 2014-01-14 17:17:18 -08:00
20140113.legalpadsig.2.php Legalpad - make it work for not logged in users 2014-01-14 17:17:18 -08:00
20140115.auth.1.id.sql Give the session table a normal id column as a primary key 2014-01-15 13:55:18 -08:00
20140115.auth.2.expires.sql Expire and garbage collect unused sessions 2014-01-15 13:56:16 -08:00
20140115.auth.3.unlimit.php Remove session limits and sequencing 2014-01-15 17:27:59 -08:00
20140115.legalpadsigkey.sql Legalpad - add policy rule for legalpad document signatures 2014-01-15 16:48:44 -08:00
20140116.reporefcursor.sql Introduce ref cursors for repository parsing 2014-01-17 11:48:53 -08:00
20140126.diff.1.parentrevisionid.sql Update DifferentialDiff: add repositoryPHID, drop parentRevisionID 2014-01-26 15:29:22 -08:00
20140126.diff.2.repositoryphid.sql Update DifferentialDiff: add repositoryPHID, drop parentRevisionID 2014-01-26 15:29:22 -08:00
20140130.dash.1.board.sql Add initial skeleton for Dashboard application 2014-01-30 11:43:24 -08:00
20140130.dash.2.panel.sql Add initial skeleton for Dashboard application 2014-01-30 11:43:24 -08:00
20140130.dash.3.boardxaction.sql Add edit/view plumbing for dashboards and panels 2014-02-03 10:52:15 -08:00
20140130.dash.4.panelxaction.sql Add edit/view plumbing for dashboards and panels 2014-02-03 10:52:15 -08:00
20140130.mail.1.retry.sql Remove retry/failure mechanisms from MetaMTA 2014-02-01 14:35:42 -08:00
20140130.mail.2.next.sql Remove retry/failure mechanisms from MetaMTA 2014-02-01 14:35:42 -08:00
20140201.gc.1.mailsent.sql Add a GC for sent and received mail 2014-02-03 10:51:31 -08:00
20140201.gc.2.mailreceived.sql Add a GC for sent and received mail 2014-02-03 10:51:31 -08:00
20140205.cal.1.rename.sql Rename PhabricatorUserStatus to PhabricatorCalendarEvent 2014-02-06 10:07:29 -08:00
20140205.cal.2.phid-col.sql Assign PHIDs to calendar events 2014-02-06 10:10:43 -08:00
20140205.cal.3.phid-mig.php Assign PHIDs to calendar events 2014-02-06 10:10:43 -08:00
20140205.cal.4.phid-key.sql Assign PHIDs to calendar events 2014-02-06 10:10:43 -08:00
20140210.herald.rule-condition-mig.php Herald - make herald condition of herald rule display better 2014-02-10 14:40:09 -08:00
20140210.projcfield.1.blurb.php Migrate project blurb/description to standard custom field storage 2014-02-10 14:31:57 -08:00
20140210.projcfield.2.piccol.sql Migrate project profiles onto projects, and remove ProjectProfile object 2014-02-10 14:32:14 -08:00
20140210.projcfield.3.picmig.sql Migrate project profiles onto projects, and remove ProjectProfile object 2014-02-10 14:32:14 -08:00
20140210.projcfield.4.memmig.sql Allow unsubscription from projects 2014-02-11 07:45:56 -08:00
20140210.projcfield.5.dropprofile.sql [Later] Drop the project profile table 2014-04-24 08:15:24 -07:00
20140211.dx.1.nullablechangesetid.sql Migrate all Differential comment text into new storage 2014-02-11 11:34:15 -08:00
20140211.dx.2.migcommenttext.php Migrate all Differential comment text into new storage 2014-02-11 11:34:15 -08:00
20140211.dx.3.migsubscriptions.sql Move Differential to proper subscriptions 2014-02-12 08:53:40 -08:00
20140212.dx.1.armageddon.php Remove DifferentialComment 2014-03-11 13:02:33 -07:00
20140218.differentialdraft.sql Differential - add DifferentialDraft to track whether revisions have draft feedback or not 2014-02-18 16:25:16 -08:00
20140218.passwords.1.extend.sql Provide more storage space for password hashes and migrate existing hashes to "md5:" 2014-02-18 14:09:36 -08:00
20140218.passwords.2.prefix.sql Provide more storage space for password hashes and migrate existing hashes to "md5:" 2014-02-18 14:09:36 -08:00
20140218.passwords.3.vcsextend.sql Modernize VCS password storage to use shared hash infrastructure 2014-02-18 14:09:36 -08:00
20140218.passwords.4.vcs.php Modernize VCS password storage to use shared hash infrastructure 2014-02-18 14:09:36 -08:00
20140223.bigutf8scratch.sql Add test coverage that our definition of BMP agrees with MySQL 2014-02-23 16:20:38 -08:00
20140224.dxclean.1.datecommitted.sql Remove "dateCommitted" field from DifferentialRevision 2014-02-25 12:36:14 -08:00
20140226.dxcustom.1.fielddata.php Migrate old AuxiliaryField storage to modern CustomField storage 2014-02-26 16:52:30 -08:00
20140228.dxcomment.1.sql Make "EditPro" controller work with diff updates 2014-02-28 16:49:22 -08:00
20140305.diviner.1.slugcol.sql Fix Diviner links to articles by title 2014-03-05 12:07:26 -08:00
20140305.diviner.2.slugkey.sql Fix Diviner links to articles by title 2014-03-05 12:07:26 -08:00
20140311.mdroplegacy.sql Drop Maniphest legacy transaction table 2014-03-12 06:04:45 -07:00
20140314.projectcolumn.1.statuscol.sql Workboards - let users delete columns 2014-03-18 10:40:31 -07:00
20140314.projectcolumn.2.statuskey.sql Workboards - let users delete columns 2014-03-18 10:40:31 -07:00
20140317.mupdatedkey.sql Add "Date Updated" query fields for Maniphest 2014-03-17 15:53:07 -07:00
20140321.harbor.1.bxaction.sql Use ApplicationTransactions and CustomField to implement build steps 2014-03-25 16:08:40 -07:00
20140321.mstatus.1.col.sql Use string constants, not integer constants, to represent task status internally 2014-03-25 13:58:14 -07:00
20140321.mstatus.2.mig.php Use string constants, not integer constants, to represent task status internally 2014-03-25 13:58:14 -07:00
20140323.harbor.1.renames.php Rename concrete Harbormaster step implementations 2014-03-25 16:09:51 -07:00
20140323.harbor.2.message.sql Allow external systems to send messages to build targets 2014-03-25 16:11:28 -07:00
20140325.push.1.event.sql Provide a real object ("PhabricatorRepositoryPushEvent") to represent an entire push transaction 2014-03-26 13:51:06 -07:00
20140325.push.2.eventphid.sql Provide a real object ("PhabricatorRepositoryPushEvent") to represent an entire push transaction 2014-03-26 13:51:06 -07:00
20140325.push.3.groups.php Provide a real object ("PhabricatorRepositoryPushEvent") to represent an entire push transaction 2014-03-26 13:51:06 -07:00
20140325.push.4.prune.sql Provide a real object ("PhabricatorRepositoryPushEvent") to represent an entire push transaction 2014-03-26 13:51:06 -07:00
20140326.project.1.colxaction.sql Workboards - add column detail page 2014-03-26 14:40:47 -07:00
20140328.releeph.1.productxaction.sql Rename Releeph "Project" transactions to "Product" 2014-03-29 09:15:09 -07:00
20140330.flagtext.sql Allow very long notes on flags 2014-03-30 19:51:46 -07:00
20140402.actionlog.sql Add semi-generic rate limiting infrastructure 2014-04-03 11:22:38 -07:00
20140410.accountsecret.1.sql Use better secrets in generating account tokens 2014-04-10 11:45:10 -07:00
20140410.accountsecret.2.php Use better secrets in generating account tokens 2014-04-10 11:45:10 -07:00
20140416.harbor.1.sql Drop nonsense buildStatus field from Buildable 2014-04-17 16:01:06 -07:00
20140420.rel.1.objectphid.sql Add "requestedObjectPHID" to ReleephRequest 2014-04-20 11:55:18 -07:00
20140420.rel.2.objectmig.php Add "requestedObjectPHID" to ReleephRequest 2014-04-20 11:55:18 -07:00
20140421.slowvotecolumnsisclosed.sql Ability to close poll 2014-04-24 12:02:56 -07:00
20140423.session.1.hisec.sql Add "High Security" mode to support multi-factor auth 2014-04-27 17:31:11 -07:00
20140427.mfactor.1.sql Add multi-factor auth and TOTP support 2014-04-28 09:27:11 -07:00